- Protect investors by improving the accuracy and reliability of corporate disclosures made pursuant to the securities laws
- Creating new standards for corporate accountability
- Creating new penalties for acts of wrongdoing
- Formalizing and strengthening internal checks and balances within corporations
- Instituting new levels of control and sign-off designed to
- Ensuring full disclosure in financial reporting
- Ensuring full transparency in how corporate governance is transacted
Scope:
- All public companies in the USA
- International companies that have registered equity or debt securities with the Securities and Exchange Commission
- Accounting firms providing auditing services
Main Architects:
- Senator Paul Sarbanes
- Representative Michael Oxley
Effective Date:
Signed into law by President George W. Bush on July 30, 2002.
Structure:
Divided into 11 sections called titles. Sections that are more pertinent to compliance:
- Sarbanes-Oxley 302
- Sarbanes-Oxley 401
- Sarbanes-Oxley 404
- Sarbanes-Oxley 409
- Sarbanes-Oxley 802
Audit Requirements:
The Act requires all financial reports to include an internal control report.
Penalties:
- Up to $1 million and imprisonment for up to ten years
- Up to $5 million and imprisonment for up to twenty years for willful wrongdoing
Role of IT:
- IT security is important under the Sarbanes-Oxley Act because IT, as the backbone of all modern-day industries, is at the core of the accuracy, reliability and integrity of financial reporting. It is also responsible for the protection of sensitive user information.
- Software design standards: COSO (Committee of Sponsoring Organizations of the Treadway Commission, 1985) and COBIT (Control Objectives for Information and related Technology framework, 1986)
- SarbOxPro program offers standard libraries and interface
Some Online Resources: